Thread: Iframe on FFXIAH

  1. #1
    Bagel
    Join Date
    Nov 2005
    Posts
    1,390
    BG Level
    6
    FFXIV Character
    Ellatrix Reatori
    FFXIV Server
    Sargatanas
    FFXI Server
    Fenrir

    Iframe on FFXIAH

    Just a heads-up to be careful.

  2. #2
    An exploitable mess of a card game
    Join Date
    Sep 2008
    Posts
    13,197
    BG Level
    9
    FFXIV Character
    Gouka Mekkyaku
    FFXIV Server
    Gilgamesh
    FFXI Server
    Diabolos

    Fucking Apple trying to hack people's computers. Why won't they leave us alone?

  3. #3
    Banned.

    Join Date
    Aug 2007
    Posts
    2,751
    BG Level
    7
    FFXI Server
    Carbuncle
    WoW Realm
    Trollbane

    thanks for the heads up bro

  4. #4
    New Merits
    Join Date
    Jan 2009
    Posts
    214
    BG Level
    4
    FFXI Server
    Lakshmi

  5. #5

    ▲▲

    Join Date
    Aug 2005
    Posts
    6,803
    BG Level
    8
    FFXIV Character
    Pikarya Saisei
    FFXIV Server
    Excalibur

    Only affects IE users.

    lol

  6. #6
    Relic Shield
    Join Date
    Apr 2008
    Posts
    1,725
    BG Level
    6

    No, my print screen doesn't work, but it redirects to
    http://seovery.dontclickthis.org/1/
    Which contains
    http://seovery.dontclickthis.org/1/ie7.htm
    http://seovery.dontclickthis.org/1/BDA.htm

    Oh, and:
    www.seovery.noyou server location:
    Shanghai, China

  7. #7
    Campaign
    Join Date
    Sep 2007
    Posts
    6,630
    BG Level
    8
    FFXIV Character
    Sean Kipling
    FFXIV Server
    Midgardsormr

    Mmm, just saw this and freaked out a bit until I realized noscript is blocking it. Figured there'd be a topic.

    Any idea what it is exactly?

  8. #8
    Relic Shield
    Join Date
    Apr 2008
    Posts
    1,725
    BG Level
    6

    Well, it has to do with China... I would stay away from FFXIAH right now if I were you.
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
    <HTML xmlns="http://www.w3.org/1999/xhtml"><HEAD><TITLE>cnzz.com,流量统计,流量监测,广告效果,广告分析,免费流量统计</TITLE>
    <META http-equiv=Content-Type content="text/html; charset=gb2312">
    <LINK href="/v1/templates/login/cnzz_common.css" type=text/css rel=stylesheet>
    <style>
    /* 2009-3-6 view-password page */
    .txtads{width:745px;height:51px; border:1px solid #c3dbeb;margin-top:15px; float:left}
    .txtads-tit{width:20px;height:51px; float:left; text-align:center;background:#dfebfc; border-right:1px solid #c3dbeb;}
    .txtads ul{margin-top:0;}
    .txtads li{float:left;width:223px; line-height:24px; list-style:none; font-family:"宋体"}
    .add-d5{WIDTH: 990px;margin:0 auto; text-align:center; clear:both}
    .add-d5 img{width:300px;height:60px;border:1px solid #d9d9d9; margin:10px;margin-top:0px;}
    .red:link,.red:visited{color:#fb0505;text-decoration:underline;}
    .red:hover,.red:active{color:#2566a6;text-decoration:none;}
    </style>
    
    <SCRIPT>
    function clockon()
    {
        var now = new Date();
        var year = now.getFullYear(); //getFullYear getYear
        var month = now.getMonth();
        var date = now.getDate();
        var day = now.getDay();
        var hour = now.getHours();
        var minu = now.getMinutes();
        var sec = now.getSeconds();
        var week;
         month = month+1;
        if(month<10)month="0"+month;
        if(date<10)date="0"+date;
        if(hour<10)hour="0"+hour;
        if(minu<10)minu="0"+minu;
        if(sec<10)sec="0"+sec;
        var arr_week = new Array("星期日","星期一","星期二","星期三","星期四","星期五","星期六");
         week = arr_week[day];
        var time = "";
         time = year+"年"+month+"月"+date+"日"+" "+hour+":"+minu+":"+sec+" "+week;
     
    	document.getElementById("bgclock").innerHTML="["+time+"]";
    
        var timer = setTimeout("clockon()",200);            
    }
    </SCRIPT>
    
    <META content="MSHTML 6.00.6000.16705" name=GENERATOR>
    </HEAD>
    <BODY onload=clockon()>
    <DIV class=top>
    <DIV style="CLEAR: both">
    <DIV class=top_log><A href="http://www.cnzz.com/" target=_blank><IMG 
    src="/v1/templates/login/CNZZ_LOGO.gif" 
    border=0></A></DIV>
    
    <DIV class=top_link><A href="http://www.cnzz.com/" target=_blank>首页 </A>| <A href="http://data.cnzz.com/" target=_blank>调研中心 </A>| <A 
    href="http://www.lianmeng.com/" target=_blank>广告联盟 </A>| <A 
    href="http://tool.chinaz.com/" target=_blank>站长工具 </A>| <A 
    href="http://bbs.cnzz.com/" target=_blank>统计论坛 </A>| 
    <A href="http://new.cnzz.com/v1/help1.html" target=_blank>帮助 </A></DIV>
    <DIV class=top_userlogin>
    <DIV class=top_userloginb1></DIV>
    <DIV class=top_userloginb2>
    <DIV   class=top_webset>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;·<a style="color:#fffa74;text-decoration:none;font-size:12px;" href="http://lianmeng.com/cn.php?www.1topay.com"  target="_blank"> 【壹支付】秒清算,实时结算到卡!</a>                                                     &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ·<a style="color:#fffa74;text-decoration:none;font-size:12px;" href="http://doc.cnzz.com/a/gongsixinxi/guanggaofuwu/index.html"  target="_blank"> 广告位招租</a>
    
    </DIV>
    <DIV class=top_userinput id=bgclock></DIV></DIV>
    <DIV class=top_userloginb3></DIV></DIV></DIV>
    <DIV class=main>
    <div style="width:990px; height:auto; clear:both; margin:10px 0 10px 0; ">
    <div style="float:left; width:220px;">
    	<div class="sue2">
       	  <div class="bg1"><strong>焦点新闻</strong></div>
    		<div class="lin1">
            <ul style="margin:0; padding-left:15px;">
            <li><a href="http://www.cnzz.com/about/case.html" target=_blank>CNZZ与php168建站程序达成战略合作</a></li>
    
    <li><a href="http://www.cnzz.com/about/case.html#cnzz_dw" target=_blank>CNZZ与动网建站程序达成战略合作</a></li><li><a href="http://www.cnzz.com/about/case-aijuhe.html" target=_blank>CNZZ与爱聚合专题互动系统达成战略合作</a></li>
    <li><a href="http://www.cnzz.com/about/news.html" target=_blank>CNZZ新购百台服务器大力进军流量统计市场</a></li></ul>
    	  </div>
        </div>
        <div class="sue2">
       	  <div class="bg1"><strong>论坛热帖</strong></div>
    		<div class="lin1">
            <ul style="margin:0; padding-left:15px;">
    
            <li><a href="http://bbs.cnzz.com/read.php?tid=721" target=_blank>CNZZ站长统计新版功能介绍</a></li>
    		<li><a href="http://bbs.cnzz.com/read.php?tid=922" target=_blank>新版站长留言板使用帮助</a></li>
    <li><a href="http://bbs.cnzz.com/read.php?tid=275" target=_blank>自己保存stat.php统计代码的站长注意了!</a></li>
    <li><a href="http://bbs.cnzz.com/read.php?tid=1721" target=_blank>原cnzz客服qq279303已停止使用</a></li>
    <LI><A href="http://bbs.cnzz.com/read.php?tid=2317&fpage=4"  target=_blank>给站长统计官方公开致歉信</A></LI> 
    <LI><A href="http://bbs.cnzz.com/read.php?tid=2436&fpage=2" target=_blank>支持CNZZ,你们的统计很不错!感谢你们!</A></LI>
    </ul>      
    	  </div>
        </div></div>
    
    <div style="width:760px; padding:0; float:right;">
    <TABLE class=admin_section_feedback cellSpacing=0 cellPadding=0 width="100%" border=0>
      <THEAD>
      <TR>
        <TH align=middle class="thhh">
          <CENTER><STRONG style="font-weight:bold;">查看用户登录</STRONG> 
      </CENTER></TH></TR></THEAD>
      <TBODY></TBODY></TABLE>
    <DIV style="PADDING-RIGHT: 12px; PADDING-LEFT: 12px; PADDING-BOTTOM: 10px; MARGIN: 0px 0px 10px; WIDTH: 730px; LINE-HEIGHT: 10px; PADDING-TOP: 12px" 
    align=center>
    <DIV align=center><B class=btitle STYLE1>查看<A href="http://seovery.zzl.org/" 
    target=_blank><FONT color=#0000ff>ses</FONT></A>的站点统计</B><BR><BR></DIV>
    
    <DIV style="MARGIN: 0px auto; TEXT-ALIGN: center">
    <DIV 
    style="BORDER-RIGHT: #d8e5fb 1px dotted; PADDING-RIGHT: 6px; BORDER-TOP: #d8e5fb 1px dotted; PADDING-LEFT: 6px; PADDING-BOTTOM: 6px; MARGIN: 0px auto; BORDER-LEFT: #d8e5fb 1px dotted; WIDTH: 650px; COLOR: #ff0000; LINE-HEIGHT: 20px; PADDING-TOP: 6px; BORDER-BOTTOM: #d8e5fb 1px dotted; BORDER-COLLAPSE: collapse; BACKGROUND-COLOR: #f5f9ff">
    提示:这里输入的查看密码与您的<!--<A href="http://seovery.zzl.org/">-->前台用户管理<!--</A>-->密码不一样,需要<a 
    href="http://bbs.cnzz.com/read.php?tid=1271" target=_blank>独立设置</a>!
    <BR></DIV><br><br>
    <FORM class=kw name=form1 action=login.php?t=login&amp;siteid=1873312 
    method=post>
      <strong>查看密码:</strong>
      <input type=password class=kw  name="password" id="password" size=20 maxlength=60>
      <SCRIPT>document.form1.password.focus()</SCRIPT>
    
       &nbsp;
     <input type=submit class="sban" value=进入查看 height="29" width="68">
    </FORM><br><br>
    <div style="line-height:20px;">
    请注意:您现在访问的网页不属于“ses(http://seovery.zzl.org/)”,本站(cnzz.com)<BR>仅为“ ses ”提供流量统计服务,“ ses ”的经营活动均与本站无任何关系!
    </div>
    
    <DIV style="FONT-SIZE: 14px; MARGIN: 10px"><A 
    href="http://liuyan.cnzz.com/index.php?tid=1873312" target=_blank><STRONG>
    <U>给<FONT 
    color=#0000ff>ses</FONT>站长留言</U></STRONG></A> </DIV>
    
    <STRONG>[</STRONG><A 
    href="javascript:window.external.AddFavorite('http://new.cnzz.com/v1/login.php?siteid=1873312', 'ses--站长统计-ID=1873312')">添加本登录口到收藏夹</A><STRONG>]</STRONG> 
    </DIV></DIV>
    <div style="width:350px;height:60px;border:1px solid #d9d9d9;float:left;margin-left:15px"><a href="http://rd.cnzz.com/rd.htm?id=1288&r=http%3A%2F%2Fwww.woool123.com%2F"  target="_blank" class="spons-link"><img src="/v1/templates/login/350x60_cnzz.gif" width="350" height="60" border=0 /></a></div> 
    <div style="width:350px;height:60px;border:1px solid #d9d9d9;float:left;margin-left:15px">
    <!--
    <a href="http://lianmeng.com/cn.php?www.ads8.com/index.php"  target="_blank" class="spons-link"><img src="/v1/templates/login/xsycom.gif" width="350" height="60" border=0 /></a>
    -->
    
    
     <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase=" http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="350" height="60">
        <param name="movie" value="/v1/images/350-60.swf" />
        <param name="quality" value="high" />
        <embed src="/v1/images/350-60.swf" quality="high" pluginspage=" http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="350" height="60"></embed>
    
      </object> 
    
    </div>
    <div class="txtads">
    	<div class="txtads-tit">
    	    <div style="margin-top:15px;"><a style="color:#1157b0;text-decoration:none;" href="http://doc.cnzz.com/a/gongsixinxi/guanggaofuwu/index.html"  target="_blank" ><b>广告</b></a></div>
    	</div>
    	                              <ul>
    				<li>·<a href="http://rd.cnzz.com/rd.htm?id=1068&r=http%3A%2F%2Fwww.baiduup.com%2F"  target="_blank" style="color:red">百度优化,在线试用,三天升至第一!</a></li>
    
                                                                    <li>·<a href="http://rd.cnzz.com/rd.htm?id=1024&r=http%3A%2F%2Fbbs.admin5.com%20"  target="_blank" style="color:red">现金任务 交易 admin5 超级火爆</a></li>
                                                                    <li>·<a href="http://lianmeng.com/cn.php?www.idc123.com"  target="_blank">主机之家-虚拟主机评测+IDC导航</a></li>
    				<li>·<a href="http://doc.cnzz.com/a/gongsixinxi/guanggaofuwu/index.html"  target="_blank">广告位招租</a></li>
    				<li>·<a href="http://doc.cnzz.com/a/gongsixinxi/guanggaofuwu/index.html"  target="_blank">广告位招租</a></li>
                                                                    <li>·<a href="http://2010.jz123.cn"  target="_blank">2010年上海站长大会火热报名中</a></li>
    
    			</ul>
    </div>
    </DIV></DIV></DIV>
    
    <DIV class="add-d5">
    <script type="text/javascript" charset="gb2312" src="http://cache.lianmeng.com/ad_show?id=1021663"></script> 
    <a href="http://rd.cnzz.com/rd.htm?id=1970&r=http%3A%2F%2Fwww.530gg.com"  target="_blank" ><img src="/v1/templates/login/2221.gif">
    <a href="http://www.cnidc.com/item/Z29vZHNfaGlyZXx8fDI0MDg%3D/"  target="_blank" ><img src="/v1/templates/login/cnzz1.gif"></a>
    </DIV>
    
    <div style="width:990px; clear:both; text-align:center;"><a href="http://nt.phpwind.com/tj.php?id=283&verify=039f614bd5313bad5162242573c008d2&sign=miao-cnzz&type=click"  target=_blank><img src="/v1/templates/login/980x60_q.gif" border=0></a></div>
    
    </DIV>
    <div class="Footer">
    <h5 style="width:100%; height:1px; margin-bottom:5px; padding:0; font-size:0; background-color:#CCCCCC;"></h5>
    
    <a href="http://doc.cnzz.com/" class="tlink" target="_blank">公司简介</a>
    |<a class="tlink" href="http://doc.cnzz.com/a/zhanchangtongji/index.html" target="_blank">产品介绍</a>
    |<a class="tlink" href="http://doc.cnzz.com/a/meitibaodao/index.html" target="_blank">媒体报道</a>
    |<a class="tlink" href="http://doc.cnzz.com/a/gongsixinxi/zhaopinxinxi/index.html" target="_blank">人才招聘</a>
    |<a class="tlink" href="http://doc.cnzz.com/a/gongsixinxi/lianxiwomen/index.html" target="_blank">联系我们</a>
    |<a class="tlink" href="http://doc.cnzz.com/a/gongsixinxi/guanggaofuwu/index.html" target="_blank">广告服务</a>
    
    <br />
    <center>
    
    <font class=foot3D color="#808080" style="FONT-SIZE: 9px; COLOR: #808080" face="Verdana," 
    
    helvetica,arial, sans-serif>CopyRight @2002-2009 cnzz.com, Inc. All Rights Reserved </font>
    
    <hr width="300" color="#999999" size="0">
    
    <a target="_blank" style="color: #999999; text-decoration: none" href="http://www.miibeian.gov.cn">京ICP备09010031号</a>&nbsp;
    <font color="#999999"></font>
    
    <br><script src='http://v1.cnzz.com/stat.php?id=33222&web_id=33222&show=pic' language='JavaScript' 
    
    charset='gb2312'></script>
    <div style="display: none;">
    <script src='http://w.cnzz.com/c.php?id=30001831&l=888' language='JavaScript' charset='gb2312'></script>
    
    </div></CENTER></div></BODY></HTML>

  9. #9
    Cerberus
    Join Date
    Feb 2009
    Posts
    482
    BG Level
    4
    FFXI Server
    Asura

    So if I forgot to check block iframes when I reinstalled firefox/noscript.... virus scan gogo?

  10. #10
    Cerberus
    Join Date
    Jun 2007
    Posts
    409
    BG Level
    4

    anyone find the payload yet ;o

  11. #11
    E. Body
    Join Date
    Dec 2006
    Posts
    2,096
    BG Level
    7
    FFXI Server
    Leviathan

    Quote Originally Posted by Miroku_Asura:
    So if I forgot to check block iframes when I reinstalled firefox/noscript.... virus scan gogo?
    They said it only affects IE afaik, so you should be fine unless you got a warning from your virus scanner, or have one w/o warnings in place; then I'd run a scan to be safe.

  12. #12
    Cerberus
    Join Date
    Feb 2009
    Posts
    482
    BG Level
    4
    FFXI Server
    Asura

    Quote Originally Posted by Wolfknight:
    They said it only affects IE afaik, so you should be fine unless you got a warning from your virus scanner, or have one w/o warnings in place; then I'd run a scan to be safe.
    I've got AVG free atm... don't know how 'gtfo-tastic' it is when it comes to web pages with herpes

  13. #13
    E. Body
    Join Date
    Dec 2006
    Posts
    2,096
    BG Level
    7
    FFXI Server
    Leviathan

    Quote Originally Posted by Miroku_Asura:
    I've got AVG free atm... don't know how 'gtfo-tastic' it is when it comes to web pages with herpes
    Dunno, I have Avast, and it always has an obvious warning for the active scanner; idk if AVG does the same.

  14. #14
    Sea Torques
    Join Date
    Feb 2005
    Posts
    699
    BG Level
    5
    FFXI Server
    Asura

    I'm not an uber tech expert but how does something like this get on ffxiah.com without the hosts allowing it / knowing about it? How possible is that?

  15. #15
    Hydra
    Join Date
    Jul 2009
    Posts
    147
    BG Level
    3
    FFXI Server
    Ifrit

    If I've already "Allowed all this page" on ffxiah previously, will the iframe still be blocked?

  16. #16
    Banned.

    Join Date
    Jun 2008
    Posts
    6,514
    BG Level
    8
    FFXI Server
    Phoenix

    IFRAME is still blocked if you click "Block IFRAME" under options I think.

  17. #17
    Hydra
    Join Date
    Nov 2007
    Posts
    107
    BG Level
    3
    FFXIV Character
    Byr Urumet
    FFXIV Server
    Ragnarok
    FFXI Server
    Ragnarok

    Quote Originally Posted by Shamaya:
    I'm not an uber tech expert but how does something like this get on ffxiah.com without the hosts allowing it / knowing about it? How possible is that?
    Code injection.
    There must be a security flaw in FFXIAH's code.

    Using POST or GET with PHP or JavaScript to generate code for your page can be somewhat dangerous if you don't test the returned values.

    Some script kiddie figured that out and used it to modify the page.

    If you allow code execution, you allow rewriting of source code. It could be that.
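Post #17 describes the flaw in general terms; the following is an added example, not code from the thread or from FFXIAH, showing the defender-side check a site operator could run over their own pages to catch the kind of injected frame the thread describes: an <iframe> whose src points at a host the site never embeds, or that is sized or styled to be invisible. The allowlisted host names and the sample page are constructed for the example.

```python
# Added example (not from the thread): flag <iframe>s pointing off-site or styled/sized to be invisible.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist of hosts the site legitimately embeds.
TRUSTED_HOSTS = {"example-auctionhouse.test", "static.example-auctionhouse.test"}


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append({k.lower(): (v or "") for k, v in attrs})


def is_hidden(attrs):
    """True when the frame is styled or sized so the visitor cannot see it."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        value = attrs.get(dim, "").rstrip("px")
        if value.isdigit() and int(value) <= 1:
            return True
    return False


def find_suspicious_iframes(page, trusted_hosts=TRUSTED_HOSTS):
    """Return (src, reasons) for every iframe that is off-site or hidden."""
    parser = IframeCollector()
    parser.feed(page)
    findings = []
    for attrs in parser.frames:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or ""  # relative src -> "" (first party)
        reasons = []
        if host and host not in trusted_hosts:
            reasons.append("third-party host: " + host)
        if is_hidden(attrs):
            reasons.append("hidden or 1px frame")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate frame, one injected frame beside a button.
SAMPLE_PAGE = """<html><body>
<iframe src="https://static.example-auctionhouse.test/chart" width="300" height="200"></iframe>
<input type="submit" value="Browse">
<iframe src="http://stats.attacker-placeholder.test/1/" width="1" height="1" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE):
        print(src, "->", "; ".join(reasons))
```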

  18. #18
    King of the Jews
    Join Date
    Jul 2007
    Posts
    4,701
    BG Level
    7
    FFXI Server
    Ifrit

    looks like i can stay away from ffxiah atm...saw it too and kinda got worried >_>;

  19. #19
    Bagel
    Join Date
    Oct 2006
    Posts
    1,272
    BG Level
    6
    FFXIV Character
    Midnightjade Eleven
    FFXIV Server
    Midgardsormr
    FFXI Server
    Quetzalcoatl

    The suspect element is sitting right next to the 'Browse' button. One slip when you click and it's got you. Cheeky bastards.

    It needs to come off that site asap or else it's going to give some users a nasty surprise.

    [edit - I emailed Scragg btw, I'm guessing others did too but figured it made sense to make sure he knows about it]

  20. #20
    Sho
    YOU BLACK, MIDNIGHT, EVIL MOTHERFUCKERS!!! BLACK MAGIC, DARKNESS!!! YOU RAW, DARKNESS!!! YOU, FUCKING, DELIRIOUS MOTHERFUCKER!
    You were cold as ice.

    Join Date
    Jul 2006
    Posts
    11,975
    BG Level
    9
    FFXIV Character
    Sho Ryuuken
    FFXIV Server
    Excalibur

    Those cheeky bastards indeed.
